79 lines
3.4 KiB
YAML
79 lines
3.4 KiB
YAML
# .gitea/workflows/ci.yml — Wisp CI/CD (Gitea Actions, GitHub-Actions syntax)
|
|
# ---------------------------------------------------------------------------
|
|
# Runner model: a single self-hosted act_runner ON the briggen.dev server, with
|
|
# the host Docker socket mounted into job containers (see /root/act_runner/
|
|
# config.yaml). Because the runner is co-located with the host Docker daemon +
|
|
# the Traefik `proxy` network, deploy needs NO ssh keys and NO image registry —
|
|
# `docker compose` simply builds and (re)creates the `wisp` container on the host.
|
|
#
|
|
# Triggers:
|
|
# push to master -> test, then deploy-web
|
|
# pull_request -> test only
|
|
#
|
|
# Required repo secrets (Settings -> Actions -> Secrets) — used by the APK job
|
|
# once it is enabled (see TODO at the bottom): ANDROID_KEYSTORE_BASE64,
|
|
# ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_ALIAS, ANDROID_KEY_PASSWORD.
|
|
# ---------------------------------------------------------------------------
|
|
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [master]
|
|
pull_request:
|
|
|
|
concurrency:
|
|
group: ci-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
# ---- test: typecheck + unit tests ----------------------------------------
|
|
# Runs on the default runner image (has Node, which actions/checkout needs);
|
|
# Bun is installed in a step rather than via a Node-less bun container.
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install Bun
|
|
run: |
|
|
curl -fsSL https://bun.sh/install | bash
|
|
echo "$HOME/.bun/bin" >> "$GITHUB_PATH"
|
|
- run: bun install --frozen-lockfile
|
|
- run: bun run typecheck
|
|
- run: bun run test
|
|
|
|
# ---- deploy-web: build + (re)start the nginx web container on the host ----
|
|
# Runs on the server runner; the mounted host Docker socket means `docker
|
|
# compose` builds the image and recreates the `wisp` service in place, joined
|
|
# to the existing Traefik `proxy` network. No SSH, no registry.
|
|
deploy-web:
|
|
needs: test
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Build + (re)start wisp on the host
|
|
run: docker compose -f deploy/wisp.compose.yml --project-directory . up -d --build --remove-orphans
|
|
- name: Health check
|
|
run: |
|
|
for i in $(seq 1 10); do
|
|
if docker exec wisp wget -qO- http://localhost:8080/healthz | grep -q ok; then
|
|
echo "healthy"; exit 0
|
|
fi
|
|
sleep 2
|
|
done
|
|
echo "wisp container did not become healthy" >&2; exit 1
|
|
|
|
# =========================================================================
|
|
# TODO (next iteration, once the runner is validated): build-apk.
|
|
# The Android build is genuinely risky (whisper.rn C++/NDK on RN 0.85) and
|
|
# untested locally (no Android SDK on the dev box). It must be socket-safe:
|
|
# a FULL `docker build` of a build-stage in docker/android.Dockerfile (repo
|
|
# COPYed in, prebuild + gradlew assembleRelease, signing via BuildKit
|
|
# --secret using the ANDROID_* secrets), then extract the APK with
|
|
# `docker create`/`docker cp` (NO host bind-mounts — they don't resolve over
|
|
# the mounted socket) and `docker cp` it into the running `wisp` container at
|
|
# /usr/share/nginx/html/wisp.apk (served at https://wisp.briggen.dev/wisp.apk),
|
|
# plus upload it as a CI artifact. Keystore secrets are already configured.
|
|
# =========================================================================
|